Djibril Mounkoro

#17710 of 53,633
15.2 Total CVSS
Vulnerabilities · 2
Medium: 1
Critical: 1
PT-2026-35083
6.1
2026-04-24
Unknown · Cyberpanel · CVE-2026-41472
**Name of the Vulnerable Software and Affected Versions**
CyberPanel versions prior to 2.4.4

**Description**
A stored cross-site scripting issue exists in the AI Scanner dashboard. The endpoint '/api/ai-scanner/callback' does not require authentication, allowing unauthenticated attackers to inject malicious JavaScript by overwriting the `findings json` field of ScanHistory records. This script executes within an administrator's authenticated session upon visiting the AI Scanner dashboard, which can be used to issue same-origin requests to plant cron jobs and achieve remote code execution on the server.

**Recommendations**
Update to version 2.4.4 or later.

PT-2026-35084
9.1
2026-04-24
Unknown · Cyberpanel · CVE-2026-41473
**Name of the Vulnerable Software and Affected Versions**
CyberPanel versions prior to 2.4.4

**Description**
An authentication bypass in the AI Scanner worker API endpoints allows unauthenticated remote attackers to write arbitrary data to the database. This is achieved by sending requests to the endpoints '/api/ai-scanner/status-webhook' and '/api/ai-scanner/callback'. Exploitation of this flaw can lead to denial of service through storage exhaustion, corruption of scan history records, and pollution of database fields with malicious data.

**Recommendations**
Update to version 2.4.4 or later.